Abstract
Access control in real systems is implemented using one or more abstractions based on the access control matrix (ACM). The most common abstractions are access control lists (ACLs) and capabilities. In this paper, we consider an extended Harrison-Ruzzo-Ullman (HRU) model to make some formal observations about capability systems versus access control list based systems. This analysis makes the characteristics of these types of access control mechanisms more explicit and is intended to provide a better understanding of their use. A combined model providing the flexibility of capabilities with the simplicity of the ACL and its relation to other models proposed earlier (e.g. [10,6]) are discussed.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
M. Anderson, R. D. Pose, and C. S. Wallace. A password-capability system. The Computer Journal, 29(1):1–8, February 1986.
A. Dearle, R. di Bona, J. Farrow, F. Henskens, D. Hulse, A. Lindström, S. Norris, J. Rosenberg, and R. Vaughan. Protection in the grasshopper operating system. In Proceedings of the 6th International Workshop on Persistent Object Systems, pages 54–72, September 1994.
J. B. Dennis and E. C. Van Horn. Programming semantics for multiprogrammed computations. Communications of the ACM, 9(3):143–155, March 1966.
R. S. Fabry. Capability-based addressing. Communications of the ACM, 17(7):403–412, July 1974.
D. Ferraiolo and R. Kuhn. Role-based access controls. In 15th NIST-NCSC National Computer Security Conference, pages 554–563. October 1992.
L. Gong. A secure identity-based capability system. In IEEE Symposium on Security and Privacy, pages 56–63. IEEE Computer Science Press, Oakland, CA, May 1989.
P. M. Hansen, M. A. Linton, R. N. Mayo, M. Murphy, and D. A. Patterson. A performance evaluation of the intel iapx 432. Computer Architecture News, 10(4), June 1982.
M. A. Harrison, W. L. Ruzzo, and J. D. Ullman. Protection in operating systems. Communications of the ACM, 19(8):461–471, August 1976.
P. Kaijser, T. Parker, and D. Pinkas. SESAME: The solution to security for open distributed systems. Computer Communications, 17(7):501–518, July 1994.
P. A. Karger. Improving security and performance for capability systems. Technical Report 149, University of Cambridge Computer Laboratory, Cambridge, England, October 1988. Dissertation submitted for the degree of Doctor of Philosophy.
B. W. Lampson. Protection. Operating Systems Review, 8(1):18–24, January 1974.
G. J. Myers and B. R. S. Buckingham. A hardware implementation of capability based addressing. ACM Operating Systems Review, 14(4):13–25, October 1980.
R. S. Sandhu. Lattice-based access control models. IEEE Computer, 26(11):9–19, November 1993.
R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, 29(2):38–47, February 1996.
J. Shirley, W. Hu, and D. Magid. Guide to Writing DCE Applications: DCE Security Model. O’Reilly & Associates, Inc., 1994.
A. S. Tanenbaum, S. J. Mullender, and R. van Renesse. Using sparse capabilities in a distributed operating system. In Proceedings of the 6th International Conference on Distributed Computing Systems, pages 558–563. IEEE, May 1986.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Saunders, G., Hitchens, M., Varadharajan, V. (1999). An Analysis of Access Control Models. In: Pieprzyk, J., Safavi-Naini, R., Seberry, J. (eds) Information Security and Privacy. ACISP 1999. Lecture Notes in Computer Science, vol 1587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48970-3_23
Download citation
DOI: https://doi.org/10.1007/3-540-48970-3_23
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65756-9
Online ISBN: 978-3-540-48970-2
eBook Packages: Springer Book Archive